[2689] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Not so much a bug as a warning of new brute force attack

daemon@ATHENA.MIT.EDU (Albert Lunde)
Wed Jun 5 00:55:53 1996

Date:         Tue, 4 Jun 1996 19:50:41 -0500
Reply-To: Albert Lunde <Albert-Lunde@nwu.edu>
From: Albert Lunde <Albert-Lunde@nwu.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <199606042020.NAA18341@kachina.jetcafe.org> from "Dave Hayes" at
              Jun 4, 96 01:20:17 pm

> My solution was to decouple the POP passwords from the account
> passwords by having a separate POP password file.
>
> However, isn't there a safer way of sending passwords over the network?

There's the APOP extension which uses MD5 hashes, and I think another
which allows use of any IMAP autorization extension, plus there is
some sort of kerberized pop. (I think commercial Eudora supports
APOP and kerberos.)

--
    Albert Lunde                      Albert-Lunde@nwu.edu


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[2689] in bugtraq

Re: Not so much a bug as a warning of new brute force attack

daemon@ATHENA.MIT.EDU (Albert Lunde)Wed Jun 5 00:55:53 1996

daemon@ATHENA.MIT.EDU (Albert Lunde)
Wed Jun 5 00:55:53 1996